[nsp-sec] DoS from Microsoft AS8075 - any useful contacts there?
James A. T. Rice
james_r-nsp at jump.org.uk
Thu Apr 11 17:43:18 EDT 2013
Greetings,

I'm having a very difficult time getting a response out of Microsoft
AS8075, and we're seeing >1Gbps DoS from them to a customer over our
peerings with them (which is filling the customer's connection with us).

I've tried secure at microsoft.com, who responded saying I needed to fill in
the form at https://cert.microsoft.com/. This has been done, including
netflow and sflow data and pcap capture, but without any reply. The
attacks have since intensified, so I've tried calling their number in
peeringdb, but got someone who was pretty unintelligible on the 1000ms+
RTT VoIP connection they were using. They asked me to email
msnalert at microsoft.com, mocalert at direct.microsoft.com, the latter of which
bounced, and the former sounds like instant messenger trouble :/

Incidentally, does anyone recognise the attack tool? Seeing lots of the
following, several ~150Mbps streams, all UDP to the same destination port,
same source port for a given source host, and a source IP address with an
unusual 0 for the last octet in one case:

17:56:40.485868 84:18:88:94:97:c0 > 00:13:5f:1f:eb:00, ethertype 802.1Q (0x8100), length 1518: vlan 1100, p 0, ethertype IPv4, (tos 0x0, ttl 56, id 30701, offset 0, flags [+], proto UDP (17), length 1500)
137.117.85.0.1249 > 193.0.159.89.25565: UDP, length 2048
.L..E...w.
.8..T.uU....Y..c....tflood............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Thanks
James Rice
Jump Networks Ltd
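
The pattern described in the post above (UDP to one destination port, one fixed source port per source host, a source address ending in .0) can be pulled out of tcpdump text output for an abuse report. This is an added example, not part of the original post; the function name `summarise`, the `min_packets` threshold and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the address line tcpdump prints under each verbose packet header,
# e.g. "137.117.85.0.1249 > 193.0.159.89.25565: UDP, length 2048".
ADDR_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP, length (\d+)")

# Constructed sample: the first line is the one quoted in the post; the rest
# are invented and use documentation address ranges.
SAMPLE = """\
137.117.85.0.1249 > 193.0.159.89.25565: UDP, length 2048
137.117.85.0.1249 > 193.0.159.89.25565: UDP, length 2048
192.0.2.17.4410 > 193.0.159.89.25565: UDP, length 2048
192.0.2.17.4410 > 193.0.159.89.25565: UDP, length 2048
192.0.2.17.4410 > 193.0.159.89.25565: UDP, length 2048
198.51.100.9.53211 > 193.0.159.89.25565: UDP, length 41
198.51.100.9.53212 > 193.0.159.89.25565: UDP, length 38
203.0.113.5.123 > 193.0.159.90.123: UDP, length 48
"""

def summarise(text, min_packets=2):
    """Group UDP packets by destination and list sources matching the post's pattern."""
    # (dst, dport) -> src -> source ports seen, packet count, summed UDP lengths
    flows = defaultdict(lambda: defaultdict(
        lambda: {"ports": set(), "packets": 0, "bytes": 0}))
    for m in ADDR_RE.finditer(text):
        src, sport, dst, dport, length = m.groups()
        s = flows[(dst, int(dport))][src]
        s["ports"].add(int(sport))
        s["packets"] += 1
        s["bytes"] += int(length)
    report = {}
    for target, sources in flows.items():
        suspects = []
        for src, s in sources.items():
            # Repeated packets that all come from one fixed source port.
            if s["packets"] >= min_packets and len(s["ports"]) == 1:
                suspects.append({"src": src, "sport": min(s["ports"]),
                                 "packets": s["packets"], "bytes": s["bytes"],
                                 "zero_last_octet": src.endswith(".0")})
        if suspects:
            # Heaviest sources first, so the report leads with the largest streams.
            report[target] = sorted(suspects, key=lambda x: -x["bytes"])
    return report

if __name__ == "__main__":
    for (dst, dport), suspects in summarise(SAMPLE).items():
        print(f"{dst}:{dport}", *suspects, sep="\n  ")
```
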